- puela
- Citizen
- Joined: 06 Jan 2006
- Posts: 64
Thanks, Dr Bora!
I have a question about it being "network"-related. I'm not networked with anyone, unless that is somehow possible over the internet connection; I have wireless?
Here is the ComboFix report.
ComboFix 09-07-23.04 - ana 24.07.2009 22:56.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.87 [GMT 2:00]
Running from: c:\documents and settings\ana\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((( Files Created from 2009-06-24 to 2009-07-24 )))))))))))))))))))))))))))))))
.
2009-07-24 13:56 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-24 13:56 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-17 20:39 . 2009-07-17 20:52 -------- d-----w- c:\documents and settings\ana\Local Settings\Application Data\Temp
2009-07-14 11:56 . 2009-07-14 11:56 -------- d-----w- c:\documents and settings\ana\.thumbnails
2009-07-14 11:54 . 2009-07-14 16:13 -------- d-----w- c:\documents and settings\ana\.gimp-2.6
2009-07-14 11:54 . 2009-07-14 11:54 -------- d-----w- c:\documents and settings\ana\.gegl-0.0
2009-07-14 11:53 . 2009-07-14 11:53 -------- d-----w- c:\program files\GIMP-2.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 15:27 . 2007-05-23 15:07 -------- d-----w- c:\program files\CCleaner
2009-07-22 19:10 . 2009-03-26 23:50 -------- d-----w- c:\documents and settings\ana\Application Data\HPAppData
2009-07-19 20:36 . 2007-07-16 15:59 -------- d-----w- c:\documents and settings\ana\Application Data\foobar2000
2009-07-18 00:11 . 2009-07-18 08:18 3608064 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2009-07-15 08:28 . 2007-10-16 07:31 18131284 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-07-14 16:13 . 2007-05-09 20:16 -------- d-----w- c:\documents and settings\ana\Application Data\gtk-2.0
2009-07-12 16:19 . 2008-04-22 22:13 -------- d-----w- c:\documents and settings\ana\Application Data\Any Video Converter
2009-06-13 01:54 . 2009-06-13 09:17 2637824 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2009-06-10 19:50 . 2007-04-26 08:15 77432 ----a-w- c:\documents and settings\ana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-27 17:18 . 2009-05-27 17:18 -------- d-----w- c:\program files\AskBarDis
2009-05-27 17:13 . 2007-05-25 13:03 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-05-19 12:22 . 2009-05-19 12:22 390664 ----a-w- c:\documents and settings\ana\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2007-03-20 21:47 . 2007-07-10 01:38 1748224 ----a-w- c:\program files\Foxit PDF Reader v2.0 Build 1516.exe
2005-08-26 11:38 . 2007-07-13 19:26 933888 ----a-w- c:\program files\FontViewer.exe
2009-07-19 09:18 . 2008-06-17 19:50 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-08-21 05:04 . 2007-04-28 18:47 56 --sh--r- c:\windows\system32\BEAC641D62.sys
2007-11-13 21:03 . 2007-04-28 18:43 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Google Update"="c:\documents and settings\ana\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-04 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-23 3756032]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-04-23 46080]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-04-26 949376]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-06-18 67584]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-04-23 831488]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^ana^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\ana\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [26.4.2007 21:23 15424]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [18.10.2007 12:31 98328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
2009-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1993962763-1417001333-1003Core.job
- c:\documents and settings\ana\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-04 18:23]
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1993962763-1417001333-1003UA.job
- c:\documents and settings\ana\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-04 18:23]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\ana\Application Data\Mozilla\Firefox\Profiles\8lmmhfsa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/intl/sr/
FF - plugin: c:\documents and settings\ana\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-07-24 23:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\imon.dll
- - - - - - - > 'explorer.exe'(3908-)
c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXEV.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-24 23:08
ComboFix-quarantined-files.txt 2009-07-24 21:08
Pre-Run: 25.048.707.072 bytes free
Post-Run: 25.034.227.712 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
175 --- E O F --- 2009-07-24 14:06